Liran Tal
lirantal.com
@lirantal.com
🦄 Node.js Secure Coding: http://nodejs-security.com

🌟 @GitHub Star
🏅 @OpenJS Pathfinder award for Security
🥑 DevRel at @snyksec
what do you say chat, should I launch it ??
December 15, 2025 at 7:00 PM
star wars happily ever after when ??
December 15, 2025 at 4:00 PM
looks like @bdougieYO is doing the devrel thing

solid and fun talk about continue.dev 👌
December 15, 2025 at 10:00 AM
the old Snyk gang w/ Simon and Stephanie 💜🤗

Tessl's AI Native DevCon was a fun reunion!
December 15, 2025 at 7:00 AM
Sean Roberts at AI Native DevCon had a good talk and great references 🤘
December 12, 2025 at 7:00 PM
what has become of Cursor ??
December 12, 2025 at 4:00 PM
is this slide driving the point across on why Snyk Studio is critical to connect to your agentic coding workflows?
December 12, 2025 at 10:00 AM
it's all fun and games right until the point when your toy (the LLM) becomes someone else's weapon
December 12, 2025 at 7:00 AM
largely here are my 2 biggest takeaways for actionable MCP server security

the model context protocol gets cited about authentication and identity, but there are other security pitfalls. bookmark and share 👇
December 11, 2025 at 7:00 PM
how cool is it that the Snyk IDE extension to VS Code (and others) exposes insecure code of MCP servers and gives you a fix?
December 11, 2025 at 4:01 PM
if you're installing MCP servers for your agentic apps or you're deploying them at scale and you don't know what this visual is about then you're into a world of (security) pain

AMA
December 11, 2025 at 10:01 AM
the Cursor + Jira security incident due to an MCP server in one chart

bookmark and ask me questions 👇
December 11, 2025 at 7:01 AM
darth vader knows something that you don't (google: toxic flow analysis)
December 10, 2025 at 7:00 PM
to you, a developer, those 2 features look like an upside, yes?

to an attacker? they're also an upside
pay attention
December 10, 2025 at 4:00 PM
listen to this yoda dude, he knows a thing or two

write-up here on the Snyk website: snyk.io/articles/mcp...
December 10, 2025 at 10:00 AM
who's up for my MCP Security talk?

malware guaranteed, insecure code expected, and best practices? I'll spice those up too
December 10, 2025 at 7:00 AM
JSNation was fun. I was quite tired from the busy week in New York (had to wrangle 3 different events, 3 different talks) but it's always good connecting with friends and meeting new humans 💜
December 9, 2025 at 7:00 PM
when you receive a Snyk dependency update PR, it gives you:
- The version gap
- The version lag in days
- Changelog

You're already in better shape to make a correct decision than blindly upgrading with `npm upgrade` or some other automation that misses those signals
December 9, 2025 at 4:00 PM
going to remind you again to go through these Shai Hulud post-mortem practices so you don't get pwned next time:
NPM Security Best Practices: How to Protect Your Packages After the 2025 Shai Hulud Attack | Snyk
Harden your npm environment against supply chain attacks like Shai-Hulud. Learn 12 essential best practices for developers and maintainers, covering post-install scripts, 2FA, provenance, and deterministic installs.
snyk.io
December 9, 2025 at 10:01 AM
y'all are surprised about Anthropic + Bun but I'm not because I've been following Jarred for years and it has been a pleasure watching him build in public
December 9, 2025 at 7:00 AM
this would've fooled me
totally looks real. totally nano banana.

scary times!
December 8, 2025 at 7:00 PM
The Shai Hulud post-mortem best practices blog made it to the top of Awesome Node.js Newsletter

Go read it up
December 8, 2025 at 4:00 PM
Are you using Nano Banana in a programmatic API way? what sort of practices and tips did you pick up? here are mine for the Gemini AI SDK:
Gemini Nano Banana Cheat Sheet for JavaScript Developers | Snyk
Explore this cheat sheet for JavaScript/TypeScript developers on integrating Google's Gemini Nano Banana model. Master the AI SDK, prompt engineering, image generation, Data URL conversion, and security best practices with Snyk Studio.
snyk.io
December 8, 2025 at 10:01 AM
want to learn statistics in a visual way? stumbled onto this cool work: seeing-theory.brown.edu/basic-probab...
December 8, 2025 at 7:00 AM
well written postmortem report from posthog on their Shai-Hulud malware incident:
Post-mortem of Shai-Hulud attack on November 24th, 2025 - PostHog
At 4:11 AM UTC on November 24th, a number of our SDKs and other packages were compromised, with a malicious self-replicating worm - Shai-Hulud 2.…
posthog.com
December 5, 2025 at 7:01 PM